CVE-2020-2250

MEDIUM

Jenkins SoapUI Pro Functional Testing Plugin <1.3 - Info Disclosure

Title source: llm

Description

Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.

References (2)

[Vendor Advisory] https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%281%29

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2020/09/01/3

Scores

CVSS v3 6.5

EPSS 0.0023

EPSS Percentile 45.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-311

Status published

Products (2)

jenkins/soapui_pro_functional_testing < 1.3

org.jenkins-ci.plugins/soapui-pro-functional-testing 0 - 1.4Maven

Published Sep 01, 2020

Tracked Since Feb 18, 2026